@eva2000, you should fix the ciphers on your site. It should score 100%; some ciphers you use might present a security risk. Is your goal to support very old/deprecated browsers? I doubt a tech-savvy person would use Windows XP IE8 or Android 2.3, and Java is irrelevant in our case.

Forums are lucky the impact of WinXP-specific browser sessions is relatively low according to my Google Analytics stats. But everyone should look at their own site stats to determine what's best for them.

That's weird @eva2000, I ran the check yesterday and saw a bunch of 128 and 112 ciphers enabled.
Unless you changed them today.

BTW, the Key Exchange score is 90 because you use a 2048 strength for your private key, which is proper at current times. Using a 4096 key would be a waste of processor resources. I'm sticking with mine at the same value as well, for now. Just in case, don't forget to set the ssl_dhparam in Nginx; many people don't know about it.

I'm going to write an Nginx SSL tutorial soon; there is a lot of nonsense on the Internet about it.

Edit: I just noticed, you compiled Nginx with the new OpenSSL 1.0.2 release, nice.

@eva2000, OpenSSL + ChaCha + Poly = AXIVO
Nope... it does not order it our way, CHACHA is still last:
My current ciphers:
We need TLS_DHE_RSA_WITH_AES_256_CBC_SHA for curl... the only cipher that functions properly in both RHEL6/7 and supports FS.
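
The two points raised above (a DHE suite kept for curl, and ssl_dhparam being easy to forget) can be checked mechanically. The following is an added example, not code from anyone in this thread: a small Python audit over constructed Nginx snippets. The file path and finding labels are made up for illustration; the cipher names are the OpenSSL spellings used in ssl_ciphers (DHE-RSA-AES256-SHA is TLS_DHE_RSA_WITH_AES_256_CBC_SHA).

```python
import re

# Constructed sample configs (not from the thread); the dhparam path is a placeholder.
WEAK_CONF = """
server {
    listen 443 ssl;
    ssl_prefer_server_ciphers on;
    ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA:DES-CBC3-SHA;
}
"""
FIXED_CONF = """
server {
    listen 443 ssl;
    ssl_prefer_server_ciphers on;
    ssl_dhparam /etc/nginx/dhparam-placeholder.pem;
    ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA:!3DES;
}
"""

def directive(conf, name):
    """Return the value of the first uncommented `name value;` directive, or None."""
    m = re.search(r"^\s*" + re.escape(name) + r"\s+([^;]+);", conf, re.MULTILINE)
    return m.group(1).strip() if m else None

def audit(conf):
    """Return a list of finding labels (hypothetical names) for one config text."""
    findings = []
    raw = (directive(conf, "ssl_ciphers") or "").strip("'\"")
    # Tokens starting with ! or - remove ciphers, so they are not "enabled".
    enabled = [c for c in raw.split(":") if c and not c.startswith(("!", "-"))]
    # Finite-field DHE suites (DHE-/EDH-); ECDHE- suites do not use ssl_dhparam.
    dhe = [c for c in enabled if c.startswith(("DHE-", "EDH-"))]
    if dhe and directive(conf, "ssl_dhparam") is None:
        findings.append("dhe-without-dhparam")
    # 3DES suites are the ones SSL Labs reports as 112-bit.
    if any("3DES" in c or "DES-CBC3" in c for c in enabled):
        findings.append("112-bit-3des")
    # Without this directive the client's preference decides the order.
    if directive(conf, "ssl_prefer_server_ciphers") != "on":
        findings.append("client-chooses-order")
    return findings

if __name__ == "__main__":
    for label, conf in (("weak", WEAK_CONF), ("fixed", FIXED_CONF)):
        print(label, audit(conf))
```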

@eva2000: I did not do anything, I simply ran the SSL Labs tests once to validate the ciphers. When I open the AXIVO site in Chrome, it does not show CHACHA+POLY as the main cipher in use. Does it do it for you?

@eva2000, I only compiled Nginx with OpenSSL 1.0.2a... don't tell me I have to redo PHP and the rest of the 85 packages on openssl-devel?
Edit: I see now. Can you email me the related part of the code?
Edit2: Never mind, I found the issue.